Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2025-06-02
CVE-2023-0079 - Before 5 Plugin
The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
PLUGIN
Before 5
CVE-2023-0079
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-5348 - Before 5 Plugin
The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users.
PLUGIN
Before 5
CVE-2023-5348
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-5845 - Before 5 Plugin
The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags
PLUGIN
Before 5
CVE-2023-5845
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-4642 - Before 5 Plugin
The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition.
PLUGIN
Before 5
CVE-2023-4642
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-5140 - Before 5 Plugin
The Bonus for Woo WordPress plugin before 5.8.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
PLUGIN
Before 5
CVE-2023-5140
Risk Score
Threat Entry
Updated 2025-02-26
CVE-2023-4810 - Before 5 Plugin
The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 5
CVE-2023-4810
Risk Score
Threat Entry
Updated 2025-04-23
CVE-2023-4318 - Before 5 Plugin
The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack
PLUGIN
Before 5
CVE-2023-4318
Risk Score
Threat Entry
Updated 2025-04-23
CVE-2023-4022 - Before 5 Plugin
The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 5
CVE-2023-4022
Risk Score
Threat Entry
Updated 2025-03-06
CVE-2023-3814 - Before 5 Plugin
The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.
PLUGIN
Before 5
CVE-2023-3814
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0579 - Before 5 Plugin
The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks.
PLUGIN
Before 5
CVE-2023-0579
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-3225 - Before 5 Plugin
The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 5
CVE-2023-3225
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-2320 - Before 5 Plugin
The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Before 5
CVE-2023-2320
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-2711 - Before 5 Plugin
The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 5
CVE-2023-2711
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-2568 - Before 5 Plugin
The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
PLUGIN
Before 5
CVE-2023-2568
Risk Score
Threat Entry
Updated 2025-05-05
CVE-2023-2362 - Before 5 Plugin
The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to…
PLUGIN
Before 5
CVE-2023-2362
Risk Score
Threat Entry
Updated 2025-01-30
CVE-2023-1554 - Before 5 Plugin
The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
PLUGIN
Before 5
CVE-2023-1554
Risk Score
Threat Entry
Updated 2025-02-06
CVE-2023-1282 - Before 5 Plugin
The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations WordPress plugin before 5.0.6.4 do not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins.
PLUGIN
Before 5
CVE-2023-1282
Risk Score
Threat Entry
Updated 2025-02-11
CVE-2023-0156 - Before 5 Plugin
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file.
PLUGIN
Before 5
CVE-2023-0156
Risk Score
Threat Entry
Updated 2025-02-11
CVE-2023-0157 - Before 5 Plugin
The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page.
PLUGIN
Before 5
CVE-2023-0157
Risk Score
Threat Entry
Updated 2025-02-14
CVE-2023-1124 - Before 5 Plugin
The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks.
PLUGIN
Before 5
CVE-2023-1124
Risk Score